AU2021102048A4

AU2021102048A4 - Method and system of performing a fine-grained searchable encryption for resource-constrained devices in m-health network

Info

Publication number: AU2021102048A4
Application number: AU2021102048A
Authority: AU
Inventors: Aniello Castiglione; Brij Bhooshan Gupta; Deepak Gupta; Ms. MAMTA; Tu Ngoc NGUYEN
Original assignee: Individual
Current assignee: Individual
Priority date: 2021-04-19
Filing date: 2021-04-19
Publication date: 2021-06-10
Anticipated expiration: 2029-04-19

Abstract

The present disclosure relates to an existing attribute-based keyword search method with constant-size secret keys and ciphertexts. The method consists of a system and the system comprises of a trusted authority (TA), a data owner, a data use, and a cloud server. The present disclosure proposes a searchable encryption scheme based on ABE in which access control is used to determine the searching capability of a user. The scheme provides constant size for the user's secret key and ciphertext of the keyword. The scheme supports fast search as the number of pairing operations are constant. The scheme used a ciphertext-policy (CP) design framework and supports an AND gate access structure. Further, the proposed CP-ABKS scheme is secure in the selective security model under augmented multi-sequence of exponents decisional Diffie Hellman assumption. 19 04C ra o .5 Sx I IL 1

Description

04C

o .5 Sx

ra

I IL

Method and system of performing a fine-grained searchable encryption for resource constrained devices in m-health network

FIELD OF THE INVENTION

The present disclosure relates to an attribute-based keyword search method with constant-size secret keys and ciphertexts and system thereof.

BACKGROUND OF THE INVENTION

The concept of m-Health is inspired by e-Health, which uses the Internet for healthcare practice. It is a sub-segment of e-Health and uses e-Health as its backbone. In m-Health, mobile devices are used for i) collecting health-related data, ii) storing them on the servers administered by healthcare providers and iii) delivering the information to the medical practitioners, researchers, and patients by performing the keyword-based search depending on the access rights of the particular individual. As health data is sensitive in nature and third party healthcare providers are potentially untrusted, there is a risk of data being compromised by an insider or an outsider. Therefore, the data needs to be stored in an encrypted form. However, there are several drawbacks to encrypting data. Encryption limits the user's ability to share the data and also inhibits the fundamental search operation over it.

In order to solve these problems, the concept of Attribute-Based Encryption (ABE) and Searchable Encryption (SE) comes into play. The combination of these two techniques leads to an attribute-based searchable encryption (ABSE) technique, which enables fine-grained search in the multi-user setting. The resulting technique is suitable where there is no constraint on the availability of resources because searching over encrypted data is itself a computationally intensive task, and if the fine-grained search is performed, it further increases the complexity, which makes it unsuitable for devices which have limited resources like battery life and memory.

However, in the present scenario, with the advent of mobile cloud computing, mobile devices have turned into essential computing gadgets for most of people. Therefore, the existing cryptographic solutions for searching over encrypted data using attribute-based encryption may not fit owing to their high computational complexity. So, the technique which is suitable for mobile devices should produce constant-size secret keys and ciphertexts, which is our primary contribution. The benefit of having constant-size secret keys and ciphertexts is two-fold; first, it reduces the computational cost significantly and second, it saves bandwidth of transmission channel.

In one of the existing solutions, first searchable encryption scheme in the public-key setting was proposed, which enables keyword search over encrypted data without disclosing any information about the keyword being searched. But, this technique is suitable only for searching over a small number of keywords and is not applicable in the scenario where multiple data owners share their data with multiple users.

To support the multi-user scenario, there arises a need for such a scheme which can enable fine-grained searching. So, the answer to this problem is to use the Attribute-Based Encryption scheme to construct the SE scheme where access policy is used to determine who can perform the search. In the first attribute-based keyword search (ABKS), the verifiability feature is also added to the basic fine-grained searching, through which one can verify the search result returned by the cloud server. Later, another scheme was proposed in addition to the verifiability of search result, they provided support for efficient user revocation. But, both schemes have the secret key size, the ciphertext size, and the numbers of pairing operations in search are proportional to the number of attributes, hence making them computationally expensive and thus unsuitable for resource constrained mobile devices. An idea was proposed to reduce this computational burden which increases linearly with number of attributes which outsource these heavy computational tasks to the cloud server, despite the fact that it reduces the computational burden on mobile devices but at the price of an increased communication cost. Consequently, a searchable encryption scheme was proposed where the main feature was anonymity and support for dynamic policy, respectively. But, the above-defined parameters were again proportional to the number of attributes. In the Dynamic Attribute-Based Keyword Search (DABKS) scheme, the task of updating the policy was delegated to the cloud server. Hence they had contributed towards reducing some overhead. At the same time an ABKS scheme was proposed that supported fast keyword search because of the constant number of pairing operations,but the size of the ciphertext and the secret key was proportional to the number of attributes. The main focus of a proposed paper was on improving the security of the ABKS scheme against keyword guessing attack (KGA) in addition to security against chosen keyword attack (CKA). An ABKS scheme was proposed, where the accuracy of the search result can be verified and also supported user revocation. All the above features, although enhance the functionality of searchable encryption but contribute a little towards reducing the computational complexity. An attribute based searchable encryption schemes, based on the key-policy design framework was proposed, where the focus is on reducing the computational complexity. The scheme generates constant size user secret key, trapdoor. It also has a constant number of pairing operations, which in other schemes mentioned above typically varies with the number of attributes associated with them. In addition, it efficiently supports user revocation where the computationally intensive tasks are delegated to the cloud server. An ABE scheme was proposed that supports frequent changes in the access tree, and hence it is named as dynamic policy ABE. This scheme generates secret keys of the constant size. From the proposed dynamic policy ABE scheme, the authors then presented a multi-keyword search scheme which inherits all the features of the proposed ABE scheme. Therefore, it provides constant size trapdoor and support for the fast search. Another two attribute-based searchable encryption (ABSE) schemes were proposed. The focus of one of these schemes is to incorporate secret key accountability which is a useful feature in any key-policy based ABSE scheme. In one of the existing solution efforts have been made to break the most common assumption of monotonic access structure, the proposed scheme can handle any non monotonic access structure which consists of AND, OR, NOT, and threshold gates. The features introduced in these schemes were indeed prominent. However, they have not taken optimization of computational cost into consideration.

An attribute-based keyword search scheme was proposed with its application in the e Health cloud. Later, a new attribute-based search scheme was proposed, which supports the multi-keyword search for personal health record in the multi-owner setting. At the same time, a fine-grained search using attribute-based encryption for e-Healthcare clouds was proposed. A survey of searchable encryption schemes used in healthcare clouds was given and a comparative analysis of all such schemes was performed based on their functionality, efficiency, and security. In the year 2018, an attribute-based search scheme was provided which has application in healthcare clouds. A searchable encryption scheme was proposed for big data-based mobile healthcare networks with the additional feature of verifiability of search result. A CP-ABE based searchable encryption scheme was proposed for the sharing of electronic health records (EHRs) with a feature of completely hiding the attributes in the access policy. Recently in 2019, two different searchable encryption schemes were proposed, for the sharing of electronic health records. A time-aware searchable encryption scheme was proposed, where a user cannot successfully execute a search query if it does not fall in the specified time range. A searchable encryption scheme was proposed based on an entirely new paradigm called the blockchain technology. The use of blockchain technology ensures the integrity and traceability of EHRs. The proposed scheme also ensures accurate search results without the need for any additional verification mechanism.In all the existing attribute-based searchable encryption schemes for healthcare networks, the size of the ciphertext and the secret key varies linearly with the number of attributes.

However, there are several drawbacks to encrypting data. Encryption limits the user's ability to share the data and also inhibits the fundamental search operation over it. Searching over encrypted data is itself a computationally intensive task, and if the fine-grained search is performed, it further increases the complexity, which makes it unsuitable for devices which have limited resources like battery life and memory. Therefore in order to avoid aforementioned drawbacks there is a need of an existing attribute-based keyword search method with constant size secret keys and ciphertexts.

SUMMARY OF THE INVENTION

The present disclosure relates to an existing attribute-based keyword search method with constant-size secret keys and ciphertexts. The present disclosure proposes a novel ABKS scheme with constant-size secret keys and ciphertexts, thus further reducing the computational cost. The present scheme uses a ciphertext-policy (CP) design framework and supports an AND gate access structure. Further, the proposed CP-ABKS scheme can be proved secure in the selective security model under augmented multi-sequence of exponent decisional Diffie-Hellman assumption. The objective of this disclosure is reducing computational complexity by making the size of the ciphertext constant in addition to the constant size secret key. ABE is taken into account to enable fine-grained searching. The considered scenario is where mobile devices are used for storing and retrieving the data. Therefore these parameters should be independent of the number of attributes so that overall cost can be reduced.

The present disclosure seeks to provide an existing attribute-based keyword search method with constant-size secret keys and ciphertexts, the method comprises: initializing system through a trusted authority (TA) by generating public parameters, master secret key, and a cloud secret using asetup technique; assigning secret key credentials to a user using KeyGen technique upon new joining of said user; calling Genndex technique to generate an index for keywords contained in a data file, and thereafter generating corresponding encrypted keywords while a data owner wants to share his/her data with other users; generating a trapdoor for specified keyword by using a Trapdoor technique and sending said generated trapdoor to said cloud server if said data user wants to search some data file that contains a specific keyword; and executing search technique on behalf of said user upon receiving of said trapdoor by said cloud server and returning search result 1/0.

The present disclosure also seeks to provide an existing attribute-based keyword search system with constant-size secret keys and ciphertexts. The system comprises: a trusted authority (TA) for initializing system by generating public parameters, master secret key, and a cloud secret using asetup technique;a data owner for outsourcing health data using computing devices to a third-party healthcare provider for sharing it with multiple users in a differential manner;a data user for retrieving health data stored by said data owner at said cloud server owned by said healthcare providers, wherein said data user generates a search trapdoor using Trapdoor technique to retrieve said health data; anda cloud server for storing encrypted health data and performing search operation on behalf of said data user.

An objective of the present disclosure is to provide an attribute-based keyword search method with constant-size secret keys and ciphertexts.

Another object of the present disclosure is toreduce the storage complexity by making the size of the ciphertext and the secret key invariable to the number of attributes.

Another object of the present disclosure is to use a ciphertext-policy (CP) design framework and supports an AND gate access structure.

Yet, another object of the present disclosure is to reduce the computational cost.

To further clarify advantages and features of the present disclosure, a more particular description of the invention will be rendered by reference to specific embodiments thereof, which is illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail with the accompanying drawings.

BRIEF DESCRIPTION OF FIGURES

These and other features, aspects, and advantages of the present disclosure will become better understood when the following detailed description is read with reference to the accompanying drawings in which like characters represent like parts throughout the drawings, wherein:

Figure 1 illustrates a flow chart of the proposed attribute-based keyword search method in accordance with an embodiment of the present disclosure;

Figure 2 illustrates a block diagram of the proposed attribute-based keyword system with in accordance with an embodiment of the present disclosure;

Figure 3 illustrates the structure and relation between attribute set (A) and access policy (P) in accordance with an embodiment of the present disclosure;

Figure 4 illustrates the functional architecture of the proposed CP-ABSE scheme in accordance with an embodiment of the present disclosure;

Figure 5 illustrates the system architecture for the proposed CP-ABSE scheme in accordance with an embodiment of the present disclosure;

Figure 6 illustrates the table of notations used in comparative analysis of proposed CP ABSE scheme in accordance with an embodiment of the present disclosure;

Figure 7 illustrates the table of comparative analysis of key features of the proposed CP ABSE scheme with existing schemes in accordance with an embodiment of the present disclosure;

Figure 8 illustrates the table comparison of storage cost of the proposed CP-ABSE scheme with existing schemes in accordance with an embodiment of the present disclosure;

Figure 9 illustrates the table of comparison of computational cost of the proposed scheme with existing schemes in accordance with an embodiment of the present disclosure;

Figure 10 illustrates the table average execution time (seconds) of the algorithms of the proposed scheme in accordance with an embodiment of the present disclosure;

Figure 11 illustrates the average execution time of different algorithms in the proposed CP-ABSE scheme in accordance with an embodiment of the present disclosure;

Further, skilled artisans will appreciate that elements in the drawings are illustrated for simplicity and may not have been necessarily been drawn to scale. For example, the flow charts illustrate the method in terms of the most prominent steps involved to help to improve understanding of aspects of the present disclosure. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the drawings by conventional symbols, and the drawings may show only those specific details that are pertinent to understanding the embodiments of the present disclosure so as not to obscure the drawings with details that will be readily apparent to those of ordinary skill in the art having benefit of the description herein. DETAILED DESCRIPTION

For the purpose of promoting an understanding of the principles of the invention, reference will now be made to the embodiment illustrated in the drawings and specific language will be used to describe the same. It will nevertheless be understood that no limitation of the scope of the invention is thereby intended, such alterations and further modifications in the illustrated system, and such further applications of the principles of the invention as illustrated therein being contemplated as would normally occur to one skilled in the art to which the invention relates.

It will be understood by those skilled in the art that the foregoing general description and the following detailed description are exemplary and explanatory of the invention and are not intended to be restrictive thereof.

Reference throughout this specification to "an aspect", "another aspect" or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present disclosure. Thus, appearances of the phrase "in an embodiment", "in another embodiment" and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment.

The terms "comprises", "comprising", or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such process or method. Similarly, one or more devices or sub-systems or elements or structures or components proceeded by "comprises.a" does not, without more constraints, preclude the existence of other devices or other sub-systems or other elements or other structures or other components or additional devices or additional sub-systems or additional elements or additional structures or additional components.

Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The system, methods, and examples provided herein are illustrative only and not intended to be limiting.

Embodiments of the present disclosure will be described below in detail with reference to the accompanying drawings.

Figure 1 illustrates a flow chart of an existing attribute-based keyword search method with constant-size secret keys and ciphertexts in accordance with an embodiment of the present disclosure. At step 102 the method 100 includes, initializing system through a trusted authority (TA) by generating public parameters, master secret key, and a cloud secret using a setup technique. [MSK, PP] <-- Setup(/, W,Att): This algorithm will take security parameter, /, the keyword space, W, and attribute universe, Att, as input and outputs the public parameters, PP, and master secret key, MSK.

At step 104 the method 100 includes, assigning secret key credentials to a user using KeyGen technique upon new joining of said user. SKu <-- KeyGen(PP, MSK, A):This algorithm takes public parameters, PP, master secret key, MSK, and the set of attributes, A, for the user, u, as input and returns the secret key,SKu, for that user.

At step 106 the method 100 includes, calling GenIndex technique to generate an index for keywords contained in a data file, and thereafter generating corresponding encrypted keywords while a data owner wants to share his/her data with other users. C, <-- GenIndex(PP,w, P): It takes public parameters, PP, keyword, wl, extracted from the health data and access policy, P, as input and outputs ciphertext, C1, for the keyword, wl, encrypted under owner's access policy, P.

At step 108 the method 100 includes, generating a trapdoor for specified keyword by using a Trapdoor technique and sending said generated trapdoor to said cloud server if said data user wants to search some data file that contains a specific keyword. TmTrapdoor(SKu,w): Data user will use this algorithm to generate the trapdoor for the keyword, w, using his secret key, SK. The generated trapdoor,Tm, is given to the cloud server to perform search for that keyword on the behalf of data user.

At step 110 the method 100 includes, executing search technique on behalf of said user upon receiving of said trapdoor by said cloud server and returning search result 1/0. 0/1 <- Search(PP,C, Tm):This algorithm will take the ciphertext, C, for the keyword, w, and the trapdoor, Tm, of the keyword, w, and performs search for that keyword without decrypting it. If a match (w, = wm) is found then it returns 1 else, it returns 0.

Figure 2 illustrates a block diagram of an existing attribute-based keyword search system with constant-size secret keys and ciphertexts in accordance with an embodiment of the present disclosure. The system 200 includes a trusted authority (TA) unit 102 for initializing system by generating public parameters, master secret key, and a cloud secret using a setup technique. It is an entity that grants essential credentials to the data owners and data users. The main role includes system setup and key management.

In an embodiment, a data owner unit 104 is used for outsourcing health data using computing devices to a third-party healthcare provider for sharing it with multiple users in a differential manner. It is an entity that wants to outsource his/her health data using mobile devices like mobile phones, tablet, etc. to a third party healthcare provider for the purpose of sharing it with multiple users in a differential manner. To maintain secrecy, health data is stored along with some keywords in an encrypted form. To encrypt the associated keywords data user runsGenIndex algorithm. Using these keywords, a user can search for health records. For example: A patient who has a history of heart attack wears a device that monitors his heart rate, basal body temperature, and basal metabolic rate. The collected health data is then sent to his healthcare provider along with a keyword, which is the patient's identity in an encrypted form.

In an embodiment, a data user unit 106 is used for retrieving health data stored by said data owner at said cloud server owned by said healthcare providers, wherein said data user generates a search trapdoor using Trapdoor technique to retrieve said health data. It is an entity that wants to retrieve the health data stored by the data owner at the cloud server owned by the healthcare providers. To retrieve the health data, the data user generates a search trapdoor using Trapdoor algorithm. Here, the role of the data user can be played by the doctor, researcher, hospital staff, or the patient himself. Now, the data user submits a request to the healthcare provider by sending a trapdoor for the keyword user who wants to search. For example: A doctor wants to track the health condition of a particular patient. He/she generates a trapdoor using the identity of that patient as a keyword and sends it to the cloud server maintained by the healthcare provider.

In an embodiment, a cloud server unit 108 is used for storing encrypted health data and performing search operation on behalf of said data user.It is an entity that stores the encrypted health data and performs search operation on behalf of the data user and is assumed to be honest, i.e. it correctly executes the search algorithm. Upon receiving the trapdoor from the user, the cloud server will perform a search over encrypted data using Search algorithm and returns the corresponding result to the user. In the above example, the cloud server will fetch the health record of the patient having a history of a heart attack. After analyzing the data, the doctor can monitor the current health condition of that patient.

Figure 3illustrates the Structure and Relation between Attribute Set (A) and Access Policy (P) in accordance with an embodiment of the present disclosure. LetAtt = {A 1 , A 2 , . . , An}be the attribute universe from which attributes are taken to define the access policy P with AND gates as defined in one of the existing solution. Let A be the set of attributes associated with a user and it is assumed thatA c Att. Similarly, P represents the access policy associated with a ciphertext. Both A and P are represented as binary strings of length n -bit, where |Att = n . Let A = aia 2 . . an and P = b1 b 2 bn .-- . If ai = 1 then the attributeAi E A, otherwiseAj V A. Similarly, if bi = 1 then the attributeAi E P, otherwiseAj V P.

An attribute set A associated with a user satisfies the access policy, P, if and only

ifV{i}, a bi. If A and P (ignore AND between the attributes inP) are assumed to be the set of attributes, thenA satisfies P if and only if P9A. For example: IfAtt = {A 1,A 2,A 3 A 4 A 5 } and

A = {A 1,A 2 ,A 4 } i.e. A = 11010 and P = {A 1,A 4 } i.e. P = 10010, it means A satisfies P if Ahas

attributes A 1and A 4 . In this example,V{i}, ai 2 bi or one can say P 9 A, therefore A satisfies P.

Figure 4illustrates the Functional Architecture of the Proposed CP-ABSE Scheme in accordance with an embodiment of the present disclosure. The proposed CP-ABSE scheme is composed of the probabilistic polynomial-time algorithms. Those algorithms are defined as:

[MSK,PP] <-- Setup(A, W,Att): This algorithm will take security parameter, A, the keyword space, W, and attribute universe, Att, as input and outputs the public parameters, PP, and master secret key, MSK.

SKu <-- KeyGen(PP, MSK, A):This algorithm takes public parameters, PP, master secret key, MSK, and the set of attributes, A, for the user, u, as input and returns the secret key,SKu, for that user.

C, <-- GenIndex(PP,wl, P): It takes public parameters, PP, keyword, wi, extracted from the health data and access policy, P, as input and outputs ciphertext, C 1, for the keyword, wi, encrypted under owner's access policy, P.

Tm <- Trapdoor(SK,wm): Data user will use this algorithm to generate the trapdoor for the keyword, wm, using his secret key, SK. The generated trapdoor,Tm, is given to the cloud server to perform search for that keyword on the behalf of data user.

0/1 <-- Search(PP,C1 , Tm):This algorithm will take the ciphertext, C 1, for the keyword, wi, and the trapdoor, Tm, of the keyword, wm, and performs search for that keyword without decrypting it. If a match (wi = wm) is found then it returns 1 else, it returns 0.

Correctness: The CP-ABSE scheme is correct if the following condition holds:

P) Search(pp, Tm, Ci)=1Ci- GenIndex(PP,wi, Tm<- Trapdoor(SKu,wm) 1)

The corresponding description of the execution order of algorithms is as follow:

Trusted authority (TA) initializes the system by generating public parameters, master secret key, and a cloud secret using the Setup algorithm. TA keeps the master secret key (MSK), publishes the public parameters (pp), and gives the cloud secret, c, to the cloud server.

When a new user joins the system, TA assigns the secret key credentials to that user using KeyGen algorithm.

When a data owner wants to share his/her data with other users, the data owner calls the GenIndex algorithm to generate an index for the keywords contained in a data file, and generates the corresponding encrypted keywords.

Now, if the data user wants to search some data file that contains a specific keyword, then he/she will generate a trapdoor for that specified keyword by using the Trapdoor algorithm and sends the generated trapdoor to the cloud server.

When the cloud server receives the trapdoor, the cloud server will execute Search algorithm on behalf of the user and returns the search result 1/0.

Figure 5 illustrates the System Architecture for the Proposed CP-ABSE Scheme in accordance with an embodiment of the present disclosure. The system is composed of the four parties, which are trusted authority (TA), data owner, data user, and cloud server. Trusted authority (TA) is an entity that grants essential credentials to the data owners and data users. Data owner is an entity that wants to outsource his/her health data using mobile devices like mobile phones, tablet, etc. to a third party healthcare provider for the purpose of sharing it with multiple users in a differential manner. To maintain secrecy, health data is stored along with some keywords in an encrypted form. To encrypt the associated keywords data user runs GenIndex algorithm. Using these keywords, a user can search for health records. For example: A patient who has a history of heart attack wears a device that monitors his heart rate, basal body temperature, and basal metabolic rate. The collected health data is then sent to his healthcare provider along with a keyword, which is the patient's identity in an encrypted form. Data user is an entity that wants to retrieve the health data stored by the data owner at the cloud server owned by the healthcare providers. To retrieve the health data, the data user generates a search trapdoor using Trapdoor algorithm. Here, the role of the data user can be played by the doctor, researcher, hospital staff, or the patient himself. Now, the data user submits a request to the healthcare provider by sending a trapdoor for the keyword user who wants to search. For example: A doctor wants to track the health condition of a particular patient. He/she generates a trapdoor using the identity of that patient as a keyword and sends it to the cloud server maintained by the healthcare provider.Cloud server is an entity that stores the encrypted health data and performs search operation on behalf of the data user and is assumed to be honest, i.e. it correctly executes the search algorithm. Upon receiving the trapdoor from the user, the cloud server will perform a search over encrypted data using Search algorithm and returns the corresponding result to the user. In the above example, the cloud server will fetch the health record of the patient having a history of a heart attack. After analyzing the data, the doctor can monitor the current health condition of that patient.

Figure 6 illustrates the table of notations used in Comparative Analysis of Proposed CP ABSE Scheme in accordance with an embodiment of the present disclosure. The table shows the comparative analysis of the proposed scheme with existing schemes in the literature on the basis of their features, storage cost, and computational cost. Figure 7 illustrates the table of comparative Analysis of Key Features of the Proposed CP-ABSE Scheme with Existing Schemes in accordance with an embodiment of the present disclosure. The table shows the comparative analysis of the key features of the proposed scheme with the existing ciphertext-policy attribute-based searchable encryption (CP-ABSE) schemes in the literature. The proposed scheme uses CP-ABE as an underlying encryption technique for the construction of the corresponding searchable encryption scheme while most of the existing schemes have used the CP design framework. The proposed scheme has used AND gate to represent the access policy, which is restrictive in nature as compared to the tree data structure. While in some of the exiting techniques, the access structure is of general form represented by a tree data structure, which consists of AND, OR, and threshold gates. The proposed scheme has the constant-size for the ciphertext, the secret key,and the constant number of pairing operations altogether. Figure 8 illustrates the table comparison of Storage Cost of the Proposed CP-ABSE Scheme with Existing Schemes in accordance with an embodiment of the present disclosure. The table describes the storage cost of secret key, ciphertext, and trapdoor of the proposed scheme and existing attribute-based keyword search schemes in the literature in a comparative manner. It can be observed that the proposed scheme achieves constant size for the secret key as well as for the keyword ciphertext. In the user's secret key, there are only two group elements of the source group G 1 , while in other existing schemes, there is a variable component (which denotes the number of attributes. Similarly, in the keyword ciphertext, there are four fixed components namely, a group element of the source group G 1 , two group elements of source group G 2 and a group element of target group GT, while in other existing schemes, there is a variable component N which represents the number of attributes in the access policy. Therefore, if the proposed scheme is used, there is a need to store an only a fixed number of components, making it suitable for the resource-constrained mobile devices used in the m-Health network as compared to the existing schemes.

Figure 9 illustrates the table of Comparison of Computational Cost of the Proposed Scheme with Existing Schemes in accordance with an embodiment of the present disclosure. Table compares the computational cost of various algorithms:KeyGe, Genlndex, Trapdoor and Search of the proposed scheme with the existing attribute-based keyword search schemes in the literature. It can be observed that in the proposed scheme, the time complexity for the KeyGen algorithm is significantly less as compared to the other schemes. While for the Genndex and Trapdoor algorithms, the time complexity is comparatively less because the number of bilinear pairing operations is constant as compared to existing schemes except in work by Wang et al. where the number of pairing operations is constant. However, the type of pairing operation is multi-linear pairing and is comparatively complex. Thus incurs higher cost as compared to the bilinear pairing used in the proposed scheme. As bilinear pairing is the most expensive operation, so the complexity increases with an increase in the number of such operations. In the Search algorithm, it can be observed that several works including the proposed work have achieved the constant number of pairing operations and thereby achieved fast search.

Figure 10 illustrates the table Average Execution Time (Seconds) of the Algorithms of the Proposed Scheme in accordance with an embodiment of the present disclosure. To demonstrate the performance, The number of attributes is varied in the attribute universe, the access policy and in the set, (, from 10 to 50 with a step length of 10 and in each step the experiment has been executed multiple times to find the average time taken by each algorithm. Here, the number of attributes in attribute universe, access policy, and the set { are kept same. Search Denotes the time taken by Search algorithm when the user attributes satisfy the access policy associated with the ciphertext, and Search 2 denotes the time taken by the Search algorithm when the user attributes fail to satisfy the access policy associated with the ciphertext. In the first case, the time taken by Search algorithm is significantly greater than the time taken by the second case. Because the second case signifies that the user is not authorized to perform the search, in this case, the system just aborts and returnsL. Therefore, the time taken by Search algorithm is quite less (few milliseconds). Further, it has been observed that the Setup and Search 1 algorithms are comparatively more expensive than the rest of the algorithms for the same number of attributes. However, the Setup algorithm is executed only once and the Search algorithm is executed over the cloud server which has plenty of resources. Hence they do not significantly affect the overall performance of the scheme as compared to the algorithm like Trapdoor which is executed quite frequently.

Figure 11 illustrates the Average Execution Time of Different Algorithms in the Proposed CP-ABSE Scheme in accordance with an embodiment of the present disclosure. The figure shows the plot of the average execution time taken by each algorithm against the number of attributes. Figure (a) shows the average execution time of Setup algorithm which increases linearly with the number of attributes because in Setup algorithm components like hi, yi and zi is computer for each attribute, and the number of exponentiation operations increase with the increase in the number of attributes. The figure (b) shows the average execution time of KeyGen algorithm. The secret key assigned to the user is independent of the number of attributes and will always have two fixed components. The figure (c) shows that the average execution time of GenIndex algorithm increases linearly with the number of attributes because of the component C2 and C 3 where the number of exponentiation operations increases with the increase in the number of attributes. The figure (d) shows that the average execution time of Trapdoor algorithm also increases linearly with the number of attributes because of a single component, T 3 , which depends on the number of attributes. The figure (e) & (f) shows the average execution time of Search algorithm when the user attributes satisfy the owner access policy and fail to satisfy the owner access policy, respectively. In both cases, the average time is constant. In figure (e) the reason for the constant time is the constant number of pairing operations. In the proposed scheme, the number of pairing operations does not depend upon the number of attributes. Therefore, irrespective of the increase in number of attributes, the proposed scheme takes nearly the same time and hence results in fast search. The figure (f) denotes the fine grained authorization where the user fails the authorization check, and nothing will be checked further. The system just aborts the search process. The time taken to check whether the user's attributes satisfy the owner's access policy does not vary with the number of attributes. Hence, the time taken is constant. The results also justify the asymptotic time complexity.

The drawings and the forgoing description give examples of embodiments. Those skilled in the art will appreciate that one or more of the described elements may well be combined into a single functional element. Alternatively, certain elements may be split into multiple functional elements. Elements from one embodiment may be added to another embodiment. For example, orders of processes described herein may be changed and are not limited to the manner described herein. Moreover, the actions of any flow diagram need not be implemented in the order shown; nor do all of the acts necessarily need to be performed. Also, those acts that are not dependent on other acts may be performed in parallel with the other acts. The scope of embodiments is by no means limited by these specific examples. Numerous variations, whether explicitly given in the specification or not, such as differences in structure, dimension, and use of material, are possible. The scope of embodiments is at least as broad as given by the following claims.

Benefits, other advantages, and solutions to problems have been described above with regard to specific embodiments. However, the benefits, advantages, solutions to problems, and any component(s) that may cause any benefit, advantage, or solution to occur or become more pronounced are not to be construed as a critical, required, or essential feature or component of any or all the claims.

Claims

WE CLAIM

1. An attribute-based keyword search method with constant-size secret keys and ciphertexts, the method comprises: initializing system through a trusted authority (TA) by generating public parameters, master secret key, and a cloud secret using a setup technique; assigning secret key credentials to a user using KeyGen technique upon new joining of said user; calling Genlndex technique to generate an index for keywords contained in a data file, and thereafter generating corresponding encrypted keywords while a data owner wants to share his/her data with other users; generating a trapdoor for specified keyword by using a Trapdoor technique and sending said generated trapdoor to said cloud server if said data user wants to search some data file that contains a specific keyword; and executing search technique on behalf of said user upon receiving of said trapdoor by said cloud server and returning search result 1/0.

2. The method as claimed in claim 1, wherein said TA keeps said master secret key (MSK), publishes said public parameters (pp), and gives said cloud secret, c, to said cloud server.

3. The method as claimed in claim 1, wherein to implement cyclic groups, there are two primitives, namely, finite fields and elliptic curves, wherein to ensure security, recommended field size in finite fields is 1024-bit, and recommended group order in elliptic curves is around 160-bits.

4. The method as claimed in claim 1 and 2, wherein said trusted authority grants essential credentials to said data owners and data users.

5. An attribute-based keyword search system with constant-size secret keys and ciphertexts, the system comprises: a trusted authority (TA) for initializing system by generating public parameters, master secret key, and a cloud secret using a setup technique; a data owner for outsourcing health data using computing devices to a third-party healthcare provider for sharing it with multiple users in a differential manner; a data user for retrieving health data stored by said data owner at said cloud server owned by said healthcare providers, wherein said data user generates a search trapdoor using Trapdoor technique to retrieve said health data; and a cloud server for storing encrypted health data and performing search operation on behalf of said data user.

6. The system as claimed in claim 5, wherein health data is stored along with some keywords in an encrypted form to maintain secrecy and thereby data user runs Genndex technique to encrypt associated keywords.

7. The system as claimed in claim 5, wherein said data user submits a request to healthcare provider by sending a trapdoor for said keyword user who wants to search.

8. The system as claimed in claim 5, wherein said cloud server performs a search over encrypted data using search technique upon receiving said trapdoor from said user and thereby returns corresponding result to said user.

9. The system as claimed in claim 5, wherein said cloud server fetch said health record of patient having a history of a disease.

10. The system as claimed in claim 5, wherein said secret key is a collection of group elements and size of said secret key, as well as public parameters is same as size of the group element.